Google Says Snooping on Wi-Fi Networks Isn't Illegal

The fallout from Google collecting private information such as email from people's Wi-Fi networks several years ago just got worse. Google claims that it did nothing illegal by snooping on people's private unencrypted Wi-Fi networks, including gathering emails, private passwords, and more.

The issue dates back to 2010, when it was discovered that the cars Google used to photograph streets for its Street Maps service were also gathering private data from people's personal Wi-Fi networks -- all communications sent over the network, including private email messages. Google uses the innocuous term "payload data" to describe those communications.

At first Google claimed the reports weren't true, saying, that it "does not collect or store payload data." Then it backed off and admitted that it collected payload data, but claimed that it wasn't a privacy invasion because the data was "fragmented." Finally, it admitted that the data wasn't in fact fragmented.

Several federal investigations ensued, as well as investigations in Europe. The Federal Trade Commisssion ended its investigation back in October of 2010, and took no action. The Federal Communications Commission (FCC) also launched an investigation.

Several days ago, the FCC gave Google not even the slightest of wrist slaps, fining it $25,000. The FCC's findings were incredibly disturbing to anyone who fears for their privacy. The New York Times reports that Google fought providing information to investigators, writing that Google simply refused to provide information or even identify what employees had been involved in writing the program that snooped on Wi-Fi users. The Times wrote about the FCC report:

"Although a world leader in digital search capability, Google took the position that searching its employees' e-mail 'would be a time-consuming and burdensome task,’" the report said. The commission also noted that Google stymied its efforts to learn more about the data collection because its main architect, an engineer who was not identified, had invoked his Fifth Amendment right against self-incrimination.

When the commission asked Google to identify those responsible for the program, Google "unilaterally determined that to do so would 'serve no useful purpose,'" according to the F.C.C. report.

Google only began providing information to the FCC when threatened with a subpoena, the Times reports.

So why the minuscule fine? That's the most disturbing part of the entire incident. The FCC said that it wasn't clear that it is illegal to gather all the data you want from people's Wi-Fi networks, as long as those networks aren't encrypted.

Two laws potentially govern snooping on Wi-Fi networks, and because they were written before Wi-Fi existed, it's unclear whether snooping on unencrypted Wi-Fi is illegal. The Times notes that the Communications Act bans intercepting radio communications "except as authorized by the Wiretap Act."

According to the Times, the Wiretap Act

says it is "not unlawful to" intercept unencrypted communication, but it does not give specific permission for the interception of unencrypted communications.

Essentially that leaves it up to the courts and federal agencies to interpret illegal Wi-Fi snooping on a case-by-case basis. In Google's case, the engineer responsible for writing the snooping code refused to give information to the FCC, citing his Fifth Amendment right against self-incrimination. So the FCC simply couldn't decide if Google clearly violated the laws. So it fined Google $25,000, not for violating the law, but for impeding the investigation.

Google maintains that it did nothing illegal in snooping on unencrypted Wi-Fi networks. It told the Times:

"It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal."

There was a time years ago when I didn't worry about encrypting my Wi-Fi network, figuring that the odds of a drive-by hacker wanting to break in were about nil. But I hadn't counted on big companies like Google doing the snooping. So several years ago I began encrypting. You should, too, especially given that the law doesn't clearly protect the privacy of communications over unencrypted Wi-Fi.

Subscribe to the Security Watch Newsletter

Comments